Remote Support Security

How BeyondTrust Enables Secure Remote Support

BeyondTrust has always been designed with security at the forefront. Not only is the product architecture superior from a security standpoint, but the product itself also has a number of features that strengthen security on a day-to-day basis.

Businesses today must not only meet increasingly stringent company security policies, but many are also subject to industry compliance mandates such as HIPAA or PCI. With BeyondTrust, you can focus on solving user problems, not security concerns.

Secure Architecture

We provide each customer a segmented, single-tenant environment. Your data is never co-mingled with data from any other customer.

BeyondTrust offers the greatest number of deployment options, so you can select the choice that corresponds with the security requirements of your business. From on-premises and virtual appliances to the BeyondTrust Cloud, get the best deployment option for your business.

Unique Configuration by Customer

The BeyondTrust software itself is uniquely built for each customer, and each organization has its own unique URL and customer client. To generate further trust, add your logo, a customer watermark, and rep profile photos.

No VPN

BeyondTrust works through firewalls without VPN tunneling, so your perimeter security can remain intact. Outbound-only session traffic uses TCP port 443. BeyondTrust's infrastructure has very minimal port exposure, which drastically reduces the potential exposed attack surface of your support site.

Authentication

Most remote support solutions require you to create support rep accounts manually or with a convoluted semi-automated process. BeyondTrust seamlessly integrates with external user directories, such as LDAP, for simple and secure user management.

With BeyondTrust, you can leverage your existing directories (LDAPS, Kerberos, Smart Card, RADIUS) so that if you change a support rep’s account in Active Directory, it is automatically reflected in Bomgar.

BeyondTrust lets you associate group policies in BeyondTrust with groups in your directory, so that if you move a rep from one group to another in LDAPS, their permissions in BeyondTrust are automatically updated to reflect their new role.

Native Two-Factor Authentication

Two-factor authentication increases the security of remote access by requiring a second factor (a one-time passcode) to log in, in addition to the password. It’s available for every Bomgar user at no additional cost. If you are already using a 2FA solution, you can use it with BeyondTrust too.

BeyondTrust Vault for Remote Support

Securely store, share, and track the use of privileged credentials by the IT service desk. BeyondTrust Vault for Remote Support fits seamlessly with your service desk workflow and mitigates the threats in your service desk related to stolen credentials and passwords.

Jump Groups and Roles

Grant access with even more granularity so that just the right levels of access are granted to those who need it, enforcing the concept of “least privilege” in your service desk. BeyondTrust includes a large number of granular permissions that can be granted to manage which features in BeyondTrust a representative has access to and can require end-user prompting so that the user receiving support must approve representative actions.

Policies can be set for users, groups, or sessions, giving administrators significant flexibility and control. Group policies integrate easily with external directory stores to assign permissions based on your existing structures. Session permission policies enable building a security model for each specific support scenario. You can also restrict BeyondTrust user logins to certain times of day.

Data Encryption

BeyondTrust can be configured to enforce the use of SSL for every connection made to the site. BeyondTrust encrypts all data in transit using TLSv1.2, and data-at-rest encryption can be enabled with your organization’s key management solution. Available cipher suites can be enabled or disabled and reordered as needed to meet the needs of your organization.

Session Logging

Session logging allows for the review of all customer and support representative interactions, and all the events of an individual support session are logged as a text-based log. This log includes representatives involved, permissions granted by the customer, chat transcripts, system information, and any other actions taken by the BeyondTrust representative.

BeyondTrust also allows enabling video session recordings. This records the visible user interface of the customer screen for the entire screen sharing session. Session logging data is available on the appliance in an un-editable format for up to 90 days, but it can be moved to an external database using the BeyondTrust API or the BeyondTrust Integration Client.